KuppingerCole analysts expect the Zero Trust Network Access market to reach USD $7.34 billion in 2025, with a Compound Annual Growth Rate (CAGR) of 17.4%.

North America holds the largest global revenue market share with 47.4%, followed by EMEA with 25.7% and APAC with 18.2%.

Zero trust is a concept that assumes any network is always hostile, and therefore, every IT system, application and user is constantly exposed to potential external and internal threats.

This concept has garnered popularity due to being a modern alternative to traditional perimeter-based security.

By using this model to design an infrastructure, every user, application, or data source is treated as untrusted, and the infrastructure enforces continually verifying identities through strict security, access control and in-depth auditing to ensure all user activities are visible, and as a result, all users are accountable.

ZTNA is a concept within zero trust, playing a crucial role.

While Virtual Private Networks (VPNs) may have previously been a common solution to offering secure remote access, the pandemic forced most corporate workforces to work from home for two years.

This led to the hybrid working, or ‘work from anywhere’ model becoming a popular mainstay of post-pandemic life.

However, the key difference between modern ZTNA and legacy VPN offerings is that the control and data planes are separated, allowing them to be set up in different locations while still enabling visibility across complex deployments to be managed from a single point.

Further, ZTNA offers major advantages compared to traditional on-premises VPN systems through its SaaS-based management tools.

These modern solutions also have greater flexibility and scalability than aging VPN infrastructures.

KuppingerCole’s findings come just days after Gartner released new research showing zero trust is top of mind for most organisations as a critical strategy to reduce risk, but few organisations have actually completed zero trust implementations.

Gartner predicts that by 2026, 10% of large enterprises will have a mature and measurable zero trust program in place, up from less than 1% today.

To help organisations complete the scope of their zero trust implementations, Gartner says it is critical that chief information security officers (CISOs) and risk management leaders start by developing an effective zero trust strategy that balances the need for security with the need to run the business.

Gartner analysts predict that through 2026, more than half of cyberattacks will be aimed at areas that zero trust controls don’t cover and cannot mitigate.

Gartner recommends that organisations implement zero trust to improve risk mitigation for the most critical assets first, as this is where the greatest return on risk mitigation will occur.

However, zero trust does not solve all security needs. CISOs and risk management leaders must also run a continuous threat exposure management (CTEM) program to better inventory and optimise their exposure to threats beyond the scope of ZTA.